With
today's telephone systems, if you connect your computer's
modem to an outside telephone line, then anybody in the world can
call it. In the future, the telephone system might be able to easily
prevent people from calling your computer's modem unless
you have specifically preauthorized them. Until then, we will have
to rely on other mechanisms to protect our modems and computers
from intruders.

Although usernames and passwords provide
a degree of security, they are not foolproof. Users often pick bad
passwords, and even good passwords can occasionally be guessed or
discovered by other means.

For this reason, a variety
of special kinds of modems have been developed that further protect
computers from unauthorized access. These modems are more expensive
than traditional modems, but they do provide an added degree of
security and trust.

Password modems.
These modems require the caller to enter a password
before the modem connects the caller to the computer. As with regular
UNIX passwords, the security provided by these
modems can be defeated by repeated password guessing or by having
an authorized person release his password to somebody who is not
authorized. Usually, these modems can only store one to ten passwords.
The password stored in the modem should not
be the same as the password of any user. Some versions of UNIX
can be set up to require special passwords for access by modem.
Password modems are probably unnecessary on systems of this kind;
the addition of yet another password may be more than your users
are prepared to tolerate.

Callback setups.
As we mentioned earlier in this chapter, these
schemes require the caller to enter a username, and then immediately
hang up the telephone line. The modem then will call the caller
back on a predetermined telephone number. These schemes offer a
higher degree of security than regular modems, although they can
be defeated by somebody who calls the callback modem at the precise
moment that it is trying to make its outgoing telephone call. Most
callback modems can only store a few numbers to call back. These
modems can also be defeated on some kinds of PBX
systems by not hanging up the telephone line when the computer attempts
to dial back.

Encrypting modems.
These modems, which
must be used in pairs, encrypt
all information transmitted and received over the telephone lines.
These modems offer an extremely high degree of security not only
against individuals attempting to gain unauthorized access, but
also against wiretapping. Some encrypting modems contain preassigned
cryptographic "keys" that work only in pairs.
Other modems contain keys that can be changed on a routine basis,
to further enhance security. (Chapter 6, Cryptography,
contains a complete discussion of encryption.)

Caller-ID and ANI schemes. These
use
a relatively new feature available on many digital telephone switches.
As described in the section "" earlier in this
chapter, you can use the information provided by the telephone company
for logging or controlling access. Already, some commercial firms
provide a form of call screening using ANI (Automatic
Number Identification) for their 800 numbers (which have had ANI
available since the late 1980s). When the user calls the 800 number,
the ANI information is checked against a list
of authorized phone numbers, and the call is switched to the company's
computer only if the number is approved.